// -*- IDL -*-

#ifndef _SECURITY_IDL_
#define _SECURITY_IDL_

#include "tao/TimeBase.pidl"
#include <orb.idl>

#pragma prefix "omg.org"

module Security {

#pragma version Security 1.8

    typedef string SecurityName;
    typedef sequence<octet> Opaque;

    // Constant declarations for Security Service Options
    const CORBA::ServiceOption SecurityLevel1 = 1;
    const CORBA::ServiceOption SecurityLevel2 = 2;
    const CORBA::ServiceOption NonRepudiation = 3;
    const CORBA::ServiceOption SecurityORBServiceReady = 4;
    const CORBA::ServiceOption SecurityServiceReady = 5;
    const CORBA::ServiceOption ReplaceORBServices = 6;
    const CORBA::ServiceOption ReplaceSecurityServices = 7;
    const CORBA::ServiceOption StandardSecureInteroperability = 8;
    const CORBA::ServiceOption DCESecureInteroperability = 9;

    // Service options for Common Secure Interoperability
    const CORBA::ServiceOption CommonInteroperabilityLevel0 = 10;
    const CORBA::ServiceOption CommonInteroperabilityLevel1 = 11;
    const CORBA::ServiceOption CommonInteroperabilityLevel2 = 12;

    // Security mech types supported for secure association
    const CORBA::ServiceDetailType SecurityMechanismType = 1;

    // privilege types supported in standard access policy
    const CORBA::ServiceDetailType SecurityAttribute = 2;

   // extensible families for standard data types
    struct ExtensibleFamily {
        unsigned short        family_definer;
        unsigned short        family;
    };

    typedef sequence<octet> OID;

    typedef sequence<OID> OIDList;

    // security attributes
    typedef unsigned long SecurityAttributeType;

    // other attributes; family = 0

    const SecurityAttributeType    AuditId = 1;
    const SecurityAttributeType    AccountingId = 2;
    const SecurityAttributeType    NonRepudiationId = 3;

    // privilege attributes; family = 1

    const SecurityAttributeType    _Public = 1;
    const SecurityAttributeType    AccessId = 2;
    const SecurityAttributeType    PrimaryGroupId = 3;
    const SecurityAttributeType    GroupId = 4;
    const SecurityAttributeType    Role = 5;
    const SecurityAttributeType    AttributeSet = 6;
    const SecurityAttributeType    Clearance = 7;
    const SecurityAttributeType    Capability = 8;

    struct AttributeType {
        ExtensibleFamily      attribute_family;
        SecurityAttributeType attribute_type;
    };

    typedef sequence<AttributeType> AttributeTypeList;

    struct SecAttribute {
        AttributeType         attribute_type;
        OID                   defining_authority;
        Opaque                value;
        // the value of this attribute can be
        // decoded only with knowledge of defining authority
    };

    typedef sequence <SecAttribute> AttributeList;

    // Authentication return status
    enum AuthenticationStatus {
        SecAuthSuccess,
        SecAuthFailure,
        SecAuthContinue,
        SecAuthExpired
    };

    // Association return status
    enum AssociationStatus {
        SecAssocSuccess,
        SecAssocFailure,
        SecAssocContinue
    };

    // Authentication method
    typedef unsigned long AuthenticationMethod;

    typedef sequence<AuthenticationMethod> AuthenticationMethodList;

    // Credential types

    enum InvocationCredentialsType {
        SecOwnCredentials,
        SecReceivedCredentials,
        SecTargetCredentials
    };

    // Declarations related to Rights

    struct Right {
        ExtensibleFamily        rights_family;
  string                  the_right;
    };

    typedef sequence <Right> RightsList;

    enum RightsCombinator {
        SecAllRights,
        SecAnyRight
    };

    // Delegation related

    enum DelegationState {
        SecInitiator,
        SecDelegate
    };

    enum DelegationDirective {
        Delegate,
        NoDelegate
    };

    // pick up from TimeBase

    typedef TimeBase::UtcT        UtcT;
    typedef TimeBase::IntervalT   IntervalT;
    typedef TimeBase::TimeT       TimeT;

    // Security features available on credentials.

    enum SecurityFeature {
        SecNoDelegation,
        SecSimpleDelegation,
        SecCompositeDelegation,
        SecNoProtection,
        SecIntegrity,
        SecConfidentiality,
        SecIntegrityAndConfidentiality,
        SecDetectReplay,
        SecDetectMisordering,
        SecEstablishTrustInTarget,
        SecEstablishTrustInClient
    };

    // Quality of protection which can be specified
    // for an object reference and used to protect messages
    enum QOP {
        SecQOPNoProtection,
        SecQOPIntegrity,
        SecQOPConfidentiality,
        SecQOPIntegrityAndConfidentiality
    };

    // Type of SecurityContext
    enum SecurityContextType {
        SecClientSecurityContext,
        SecServerSecurityContext
    };

    // Operational State of a Security Context
    enum SecurityContextState {
        SecContextInitialized,
        SecContextContinued,
        SecContextClientEstablished,
        SecContextEstablished,
        SecContextEstablishExpired,
        SecContextExpired,
        SecContextInvalid
    };

    struct ChannelBindings {
      unsigned long   initiator_addrtype;
      CORBA::OctetSeq initiator_address;
      unsigned long   acceptor_addrtype;
      CORBA::OctetSeq acceptor_address;
      CORBA::OctetSeq application_data;
    };

    // For use with SecurityReplaceable
    struct OpaqueBuffer {
      Opaque buffer;
      unsigned long startpos;
      unsigned long endpos;
      // startpos <= endpos
      // OpaqueBuffer is said to be empty if startpos == endpos
    };

    // Association options which can be administered
    // on secure invocation policy and used to
    // initialize security context
    typedef unsigned short    AssociationOptions;

    const AssociationOptions NoProtection = 1;
    const AssociationOptions Integrity = 2;
    const AssociationOptions Confidentiality = 4;
    const AssociationOptions DetectReplay = 8;
    const AssociationOptions DetectMisordering = 16;
    const AssociationOptions EstablishTrustInTarget = 32;
    const AssociationOptions EstablishTrustInClient = 64;
    const AssociationOptions NoDelegation = 128;
    const AssociationOptions SimpleDelegation = 256;
    const AssociationOptions CompositeDelegation = 512;

    // Flag to indicate whether association options being
    // administered are the "required" or "supported" set
    enum RequiresSupports {
        SecRequires,
        SecSupports
    };

    // Direction of communication for which
    // secure invocation policy applies
    enum CommunicationDirection {
        SecDirectionBoth,
        SecDirectionRequest,
        SecDirectionReply
    };

    // security association mechanism type
    typedef string MechanismType;
    typedef sequence<MechanismType> MechanismTypeList;

    // AssociationOptions-Direction pair
    struct OptionsDirectionPair {
        AssociationOptions           options;
        CommunicationDirection       direction;
    };

    typedef sequence <OptionsDirectionPair> OptionsDirectionPairList;

    // Delegation mode which can be administered
    enum DelegationMode {
        SecDelModeNoDelegation,       // i.e. use own credentials
        SecDelModeSimpleDelegation,   // delegate received credentials
        SecDelModeCompositeDelegation // delegate both
    };

    // Association options supported by a given mech type
    struct MechandOptions {
        MechanismType        mechanism_type;
        AssociationOptions   options_supported;
    };

    typedef sequence <MechandOptions> MechandOptionsList;

    // Attribute of the SecurityLevel2::EstablishTrustPolicy
    struct EstablishTrust {
      boolean trust_in_client;
      boolean trust_in_target;
    };

    // Audit
    typedef unsigned long  AuditChannelId;
    typedef unsigned short _EventType;

    const _EventType    AuditAll = 0;
    const _EventType    AuditPrincipalAuth = 1;
    const _EventType    AuditSessionAuth = 2;
    const _EventType    AuditAuthorization = 3;
    const _EventType    AuditInvocation = 4;
    const _EventType    AuditSecEnvChange = 5;
    const _EventType    AuditPolicyChange = 6;
    const _EventType    AuditObjectCreation = 7;
    const _EventType    AuditObjectDestruction = 8;
    const _EventType    AuditNonRepudiation = 9;

    enum DayOfTheWeek {
      Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday
    };

    enum AuditCombinator {
      SecAllSelectors,
      SecAnySelector
    };

    struct AuditEventType {
        ExtensibleFamily    event_family;
        _EventType           event_type;
    };

    typedef sequence <AuditEventType> AuditEventTypeList;

    typedef unsigned long SelectorType;

    const SelectorType    InterfaceName = 1;
    const SelectorType    ObjectRef = 2;
    const SelectorType    Operation = 3;
    const SelectorType    Initiator = 4;
    const SelectorType    SuccessFailure = 5;
    const SelectorType    Time = 6;
    const SelectorType    DayOfWeek = 7;

    // values defined for audit_needed and audit_write are:
    // InterfaceName: CORBA::RepositoryId
    // ObjectRef: object reference
    // Operation: op_name
    // Initiator: Credentials
    // SuccessFailure: boolean
    // Time: utc time on audit_write; time picked up from
    //       environment in audit_needed if required
    // DayOfWeek: DayOfTheWeek

    struct SelectorValue {
        SelectorType        selector;
        any                 value;
    };

    typedef sequence <SelectorValue> SelectorValueList;

    // Constant declaration for valid Security Policy Types

    // General administrative policies
    const CORBA::PolicyType SecClientInvocationAccess = 1;
    const CORBA::PolicyType SecTargetInvocationAccess = 2;
    const CORBA::PolicyType SecApplicationAccess      = 3;
    const CORBA::PolicyType SecClientInvocationAudit  = 4;
    const CORBA::PolicyType SecTargetInvocationAudit  = 5;
    const CORBA::PolicyType SecApplicationAudit       = 6;
    const CORBA::PolicyType SecDelegation             = 7;
    const CORBA::PolicyType SecClientSecureInvocation = 8;
    const CORBA::PolicyType SecTargetSecureInvocation = 9;
    const CORBA::PolicyType SecNonRepudiation         = 10;


    // Policies used to control attributes of a binding to a target
    const CORBA::PolicyType SecMechanismsPolicy            = 12;
    const CORBA::PolicyType SecInvocationCredentialsPolicy = 13;
    const CORBA::PolicyType SecFeaturePolicy               = 14; // obsolete
    const CORBA::PolicyType SecQOPPolicy                   = 15;

    const CORBA::PolicyType SecDelegationDirectivePolicy = 38;
    const CORBA::PolicyType SecEstablishTrustPolicy      = 39;
};

#pragma prefix ""

#endif /* _SECURITY_IDL_ */
